Daniel's CCIE Security Thread

I never thought I'd end up here, and I still can't quite believe I'm saying it, but I am throwing down the gauntlet: the next stage in my professional development is that I will become a CCIE in Security.

This is a long road and I will not rush to failure, so I am not even close to setting an anticipated lab date or even a hopeful date for the written exam. I intend to take the new version 5.0 written which opens up at the end of January, so I will have eight months at the very least before I can even sit for the easy part - but, again, it's a long road and I am not going to repeat my mistake with the CCNA Security of flinging myself headlong into it, passing the exam, and almost immediately forgetting everything I learned about ASA configuration. Fortunately I have the opportunity to touch all of the technology and concepts that I will be learning about in my current job, so I will be in a much better position to retain knowledge through daily, hands-on practice in addition to studying and labbing.

I have not attempted the CCNP Security, but I am also not going to entirely bypass those four exams. Most of the material will carry over into the CCIE, so I am just going to start on the CCIE topics and take the CCNP exams as check-on-learning events as I ramp up for the Written. That way I'll have some measurable benchmarks, I will recertify my existing certs, and I will have some attainable short-term goals to reach for.

Thanks to Katherine for bullying me into stepping up for the challenge (peer pressure works, kids!), Steve for reminding me to HTFU, Charles for keeping me on track, and RG for the daily grind.

First update - I've read chapters 2-11 in the CCNP Security SISAS 300-208 Official Cert Guide for about eight hours so far, and I also fired up the dCloud Firepower Management Center 6.0 v1.1 lab for a quick introduction to FMC. I've done this "lab" (it's really a sales demo) before, but I hadn't gone through it with the intention of learning how to configure the product. It's a little different when the only goal is to know how to talk about the product's features, and so today I went through it again and tried to pay attention to how the policies were built. I definitely have some major gaps in my understanding of how to design and configure a NGFW...

ISE is my overall priority right now, and I am focused on getting 300-208 knocked out within the next couple of months or so in order to renew my CCNAs for another few years. My plan is to read as much of the OCG as possible, take a note of anything that is new or unfamiliar in any way, study the crap out of those topics, and go back through the guided walkthrough sections with a live ISE system and follow along to get the muscle memory for building policies, authorization rules, conditions, and so on. On test day I won't have time to fumble around wondering where to go to configure a Downloadable ACL (Policy > Policy Elements > Results > Authorization > Downloadable ACLs).

Great job. I finished the SSFAMP stuff. Probably going to read the Presidio ISE book then re-read the SISAS book. Makes me a little sad that it focuses on the old versions of ISE. Once you go ISE 2.1, you never go back...

Today's "lab" time - I use the word loosely - came from a customer engagement where the customer wanted to set up an automatic email alert whenever her network was getting DoSed. Simple, right? And, in fact, it is - it just took me a good half hour of fumbling around to figure out that I was looking for a Correlation policy with a rule and an associated email alert. Halfway through documenting the solution for the customer with a lot of pretty screenshots of the dCloud FMC 6.0 demo environment, I managed to create a server error on the back end of dCloud by deleting one of my user-created correlation rules, so that brought an end to that particular lab until I can get another instance spun up. That shouldn't take more than another twenty minutes or so and I will probably spend that time reading up on correlation events in the admin guide to get a better handle on where they are typically deployed. All in all, once I realized what it was I was trying to do, the Firepower Management Center made it pretty easy to actually accomplish it. +1 for logical UI design!